Backup Process:

1. Stop the ManageEngine EventLog Analyzer service.

2. Open a command prompt with admin privileges.

3. Navigate to <dir>:\ManageEngine\EventLog Analyzer\bin.

4. Execute the following commands to ensure that the instance is completely shut down:

1. shutdown.bat

2. stopDB.bat

3. stopSEC.bat

5. In the same cmd window, navigate to <dir>:\ManageEngine\EventLog Analyzer\ES\bin or <dir>:\ManageEngine\elasticsearch\ES\bin.

6. Execute the following command to ensure that the Elasticsearch engine is stopped.

1. StopES.bat

7. Open Task Manager ⇾ Details tab and ensure that the wrapper.exe, SysEvtCol.exe, postgres.exe, and java.exe processes are not running from EventLog Analyzer installation directory path. If they are running, end the task manually.

8. Take a copy of the entire ManageEngine\EventLog Analyzer as well as ManageEngine\Elasticsearch directory or take a snapshot of the Virtual Machine.

9. Now that the backup is complete, start the ManageEngine EventLog Analyzer service.

10. Then, go to the <dir>:\ManageEngine\EventLog Analyzer\logs folder ⇾ open wrapper.log file ⇾ go to the end of the document ⇾ check for the line "Connect to: [http://localhost:8400]". This ensures that all the modules are started and the instance is up and running. 

1. Copy the backed up folder to the original location.

2. Open a command prompt with administrator privilege.

3. Navigate to <dir>:\ManageEngine\EventLog Analyzer\bin.

4. Execute initpgsql.bat.

5. Make sure the service is installed, if it is a new path.

6. Start the ManageEngine EventLog Analyzer service.
   

7. Or else, you can simply restore the VM Snapshot and start the ManageEngine EventLog Analyzer service.